Blog

Some posts are only available in our Swedish blog

2025-05-09 / jakob

Locked Shields 2025

In early may, Kirei staff participated in the cyber defense exercise Locked Shields. Locked Shields is the world’s biggest cyber defense exercise and are arranged early by NATO’s Cyber Defense Centre of Excellence (CCD CoE) located in Tallinn.
2016-01-01 / jakob

10 years of Kirei

2016 is the 10th year of Kirei. It’s been 10 years full of interesting and challenging assignments. We’re looking at the future with great curiosity and joy, and would like to thank all our customers for good teamwork during our first 10 years.
2013-09-23 / jakob

Infoblox & DNSSEC

Infoblox NIOS implements very basic DNSSEC signing functionality. DNSSEC capabilities in general and key management capabilities in particular are very limited compared to other implementations. Several design choices seems to have been made without considering best current practices from operational experience. Unless the current design changes, we cannot recommend Infoblox NIOS for managing DNSSEC-signed zones.
2011-07-01 / kirei

Vacation!

Kirei is now off on vacation and we’ll be back in the beginning of August. We wish all our customers, colleagues and friends a nice and relaxing summer!
2011-03-27 / jakob

Death of the PKI dragons?

The recent attack on the Comodo Certification Authority has not only shown how vulnerable the current public key infrastructure is, but also that the protocols (e.g., OSCP) used to mitigate these vulnerabilities once exploited, are not in use, not implemented correctly or not even implemented att all. Is this the beginning of the death of the PKI dragons and what alternatives do we have?
2010-06-20 / kirei

The first Root Zone Key Signing Key

The first Root Zone Key Signing Key was generated June 16, 2010, at 21:19 (UTC) during a key ceremony in Culpeper, VA.
2010-06-19 / jakob

Top Level Domains and a Signed Root

With DNSSEC for the root zone going into production in a couple of weeks, it is now possible for Top Level Domain (TLD) managers to submit their Delegation Signer (DS) information to IANA. But what does this really mean for a TLD? In this post we’re going to try to sort that out.
2010-04-18 / jakob

Kirei & DNSSEC for the Root Zone

As many of you know already, Kirei - as part of the Root DNSSEC Design Team, and on behalf of ICANN - has a central role in implementing DNSSEC for the Root Zone. The team, consisting of a group of Internet and security experts from ICANN, VeriSign and Kirei, has been working closely together with the primary objective of implementing a stable and secure solution for DNSSEC at the Root Zone ready by July 2010.
2010-02-04 / jakob

Using OpenDNSSEC for managing keys in BIND

In deployment scenarios where you require dynamic updates, or want to use a HSM which requires multiple threads for decent signing performance, OpenDNSSEC version 1.x come short. There are plans for how to address this in version 2.x, but fortunately there are other options until then.
2009-12-31 / kirei

Happy New Year!

Kirei wish all our customers, colleagues and friends a very happy new year. We leave 2009 behind us - a year that despite financial crisis and pandemic viruses was a prosperous year for Kirei.
2009-08-03 / jakob

OpenDNSSEC Technology Preview
Last week, Kirei in co-operation with .SE, John A Dickinson, NLnet Labs, Nominet, SIDN and SURFnet, released a technology preview of OpenDNSSEC.
- Press release
2009-06-25 / kirei

Vacation!

Kirei is off to vacation – see you again in August or at the IETF-meeting in Stockholm!
2009-04-07 / jakob

SIP Anycast Signaling
2009-04-02 / fredrik

Complexity is the Achilles Heel of eID
2009-03-22 / fredrik

Shared responsibility for the root zone key signing key (KSK)?

Awaiting the signing of the root zone there has been an extensive discussion regarding who should control the cryptographic key signing key (KSK) forming the basis for validating the root zone, and consequently also all lower-level domains of the Domain Name System (DNS). At stake is the trust in the root zone and the confidence for the corporation administering and implementing it, i.e. ICANN. The threat they’re trying to avert is a partitioning of the Internet into several alternative root zones. To strengthen ICANN’s legitimacy and the trust in the root zone some people are advocating that the control of the key signing keys should be divided between several interest groups through so called M-of-N control.